CHANGE DEFAULT PASSWORDS
CHANGE DEFAULT SSH PORT
iOS SSH TERMINAL EMULATORS
SECURITY STEPS MUST DO - CHANGE DEFAULT PASSWORDS AND SSH PORT:
```````````````````````````````````````````````````````````````
The default names, passwords and ports are the same on all devices. Meaning if left like this anyone can login to your jailbroken device remotely and gain control. To prevent this:
1. Install OpenSSH:
On your device launch Cydia > on the home screen under 'User Guides' select 'OpenSSH Access How-To', click 'install the OpenSSH package' > click Install (top right) > click Confirm.
2. SSH (connect) to your device by doing first:
a. Acquire the IP of device: Settings > Wi-Fi > click on your Wi-Fi connection's name > make a note of the IP under 'IP Address'. For example mine 192.168.0.104.
b:
| ON WIN - | b. Use an SSH client such as PuTTy (portable, free), KiTTy (portable, free, fork of PuTTy) or SecureCRT. (For those that have never used an SSH client before it is used to connect to a server by entering IP, port, name, password. The interface is purely text where you type in commands to be executed; not to worry as I list each command that we will use.) Make a new connection to your device: IP: the one you made note of above Port: 22 Once connected you'll be prompted for: Name: root Password default: alpine (older firmware default pass is: dottie) (you won't be able to view the pass as you type it in). |
| ON MAC - | b. Launch your terminal window; Applications > Utilities > Terminal > type in then press your enter key: ssh -l root YOUR.IP.HERE -p 22 (replace 'YOUR.IP.HERE' with the one you made note of above) You'll be prompted for your password; type in: alpine (older firmware default pass is: dottie) (you won't be able to view the pass as you type it in). |
| ON DEVICE - | b. Or instead of from your PC you can do it on your device by installing an iOS SSH terminal emulator on your device such as 'Server Auditor' (free, no ads, in-app purchase options), (More SSH clients to select from at the end of this article.) IP: 127.0.0.1 (or: localhost or same IP you acquired in step a.) Port: 22 Name: root Password default: alpine (older firmware default pass is: dottie) |
c. Once connected Accept and Save the server's Host Key:
3. Change root password:
Make note of your new root password; you can NOT recover it.
To change in type in:
passwd
Type in your new password (you won't be able to view the pass as you type it in), press your Enter key and type it again when prompted.
Output will be similar to:
Mewbies:~ root# passwd
Changing password for root.
New password:
Retype new password:
4. Change user mobile's password by typing in:
passwd mobile
Do NOT use the same password as root. Make note of it, you can't recover it, but you can always change mobile's account password again from your root account.
NOTES - Can Skip:
i. If you want to switch to another user's account, mobile for example, type in:
su mobile
ii. If you are not performing any task that NEED root access then login as mobile. You can always switch to root by typing in su then followed by root's password.
iii. By the way the default pass for mobile is alpine also (older firmware default pass is: dottie).
5. NEXT - CHANGE DEFAULT SSH PORT:
Change default SSH (and SFTP) from port 22 to another:
ON DEVICE:
a. Install a text editor such as 'Nano'. To do this; open Cydia, click Search (bottom right), type in Nano, install it.
b. Connect to your device via SSH if you aren't still connected. Type into the terminal window:
nano /etc/services
For those that have never used a terminal editor before; navigate your cursor with your arrow keys.
Press Ctrl+w keys to launch search, type in ssh, hit your Enter key.
It has:
ssh 22/udp # SSH Remote Login Protocol
ssh 22/tcp # SSH Remote Login Protocol
Change 22 to another port number from 49152 through 65535.
For example I changed mine to:
ssh 63978/udp # SSH Remote Login Protocol
ssh 63978/tcp # SSH Remote Login Protocol
Save changes by selecting Ctrl+x keys, y key, then Enter key.
c. iPad I did NOT need to do this: I read to edit 'com.openssh.sshd.plist' to state ssh2 instead of ssh. I left mine at 'ssh' as my /etc/services also stated 'ssh':
nano /Library/LaunchDaemons/com.openssh.sshd.plist
This string:
<key>SockServiceName</key>
<string>ssh</string>
d. For the changes to take effect you need to either restart ssh; type in:
killall ssh
Then reconnect. Or reboot your device; type in: reboot
e. Test your password and port changes work fine by connecting to your device again through SSH (using your new password and port). You'll need to save the certificate again.
f. Exit SSH connection by typing in: exit
Done :)
Next step you should do is install a Firewall and PMP before installing any apps; view 3) Privacy & Security.
MISC NOTES - can skip:
1. Another (not advised) security step that you might read to do is to turn off SSH until you need it. This is not needed if you changed your password and port. Furthermore it is not a good idea to turn off SSH; if something goes wrong with the device i.e. gets stuck in a continuous Apple logo loop because of installing a bad package for example, you can't SSH in to use dpkg to remove said package (to view dpkg options: dpkg -h). You would have to restore the device back to original.
If you still want to disable SSH an easy method install 'Toggle SSH' by Linux_insidev2 on Cydia which has a GUI to simply enable or disable SSH.
2. You can now set up an SFTP connection to your device to transfer files using an FTP client such as FTPRush or FileZilla.
IP: same, Port: same as your SSH, Name: root (or mobile), Pass: Yours, Protocol: SSH FTP
iOS SSH TERMINAL EMULATORS:
```````````````````````````
Just to mention a few that I like:
FREE:
Server Auditor by Crystalnix is my favorite free client, no ads! (in-app purchase options), utilizes full screen by tucking away the menu, can scroll, has key shortcuts, can change font size and color scheme, can set a PIN to launch it, etc :) Love it!
Wish List: Offer in App Store also the upgraded version; the In-App purchases don't always work!
iTerminal by ComcSoft, free (has an upgrade, $2.99, banner at bottom when keyboard isn't open and minor pop-ups to upgrade).
Some other simple free, ad free, open source terminal clients; on Cydia:
'MobileTerminal (iOS7)' by Fr0st on Cydia. If it isn't listed add to your Cydia repo: repo.insanelyi.com (Cydia > Manage > Sources > Edit > Add > repo.insanelyi.com ). It does not run in landscape mode though, MTerminal below does.
MTerminal (MobileTerminal fork) by lordscotland, free (icon same as MobileTerminal). This does run in landscape and portrait mode and can scroll. Furthermore has 'tap zones' to access other options; this did not work for my device. (Note to self to remember: To paste text from the system pasteboard; double tap with two fingers).
Wish List: Ability to minimize the keyboard and tap zone to work in iOS7 iPad mini.
NOT FREE:
iSSH by Zinger-Soft $9.99, favorite paid one, though the scroll can be a bit sticky. Also functions as a tunneled VNC client for remote, etc. (To view all available shell cmds installed on your device tap Tab key, y, then Enter to scroll more. Quit list tap q)
Others I haven't tried yet but look sweet: 'TinyTERM ITX 2' $14.99, pTerm $4.99 (based on PuTTy), and Terminus $4.99 but not updated since 2012 (v2.2) :(.
If you find mistakes, have suggestions, and or questions please post at mewbies forum HERE - thank you.
Last update on 17 Feb '14